CloudEngine S16700 V600R022C10 Configuration Guide - VXLAN

Example for Establishing VXLAN Tunnels in BGP EVPN Mode (Distributed VXLAN Gateway)

Networking Requirements

Distributed VXLAN gateways can address issues with centralized gateway networking. Such issues include sub-optimal forwarding paths and bottlenecks on Layer 3 gateways in terms of ARP entry specifications.

On the network shown in Figure 2-49, an enterprise has VMs deployed in different data centers. VM1 on Server1 (Server1 VM1 for short) belongs to VLAN 10, and Server2 VM1 belongs to VLAN 20. The two VMs belong to different network segments. Server1 VM1 and Server2 VM1 need to communicate with each other through a distributed VXLAN gateway. Device1 is deployed in AS 100, Device2 in AS 200, and Device3 in AS 300. The three devices all use AS number 100 as their BGP EVPN process ID.

Figure 2-49 Networking for configuring VXLAN in distributed gateway mode

In this example, interface1 and interface2 represent 10GE1/0/1 and 10GE1/0/2, respectively.


Table 2-20 Interface IP addresses

Device    Interface   IP Address
----------------------------------------
Device1   10GE1/0/1   192.168.3.2/24
Device1   10GE1/0/2   192.168.2.2/24
Device1   LoopBack0   1.1.1.1/32
Device2   10GE1/0/1   192.168.2.1/24
Device2   LoopBack0   2.2.2.2/32
Device3   10GE1/0/1   192.168.3.1/24
Device3   LoopBack0   3.3.3.3/32

Precautions

Table 2-21 lists the RDs and RTs of EVPN and VPN instances.

Table 2-21 RDs and RTs of devices

Device    Instance        RD     RT
------------------------------------------------------------------
Device2   EVPN instance   10:2   ERT/IRT: 100:10; ERT: 100:5010
Device2   VPN instance    20:2   ERT/IRT (EVPN): 100:5010
Device3   EVPN instance   10:3   ERT/IRT: 100:20; ERT: 100:5010
Device3   VPN instance    20:3   ERT/IRT (EVPN): 100:5010

Figure 2-50 Configuring RTs

The RT configuration guidelines for VPN and EVPN instances are as follows:
  • For VPN instances, specify the evpn keyword during the configuration of an ERT (such as ERT Y) and an IRT (such as IRT Y) to enable route leaking into peer EVPN instances for host route generation. If route leaking into common L3VPN instances is required, configure common RTs on demand.
  • In EVPN instances, in addition to ERTs (such as ERT A and ERT B) and IRTs (such as IRT A and IRT B) for different BDs, configure ERT Y that is used for route leaking into a peer VPN instance. Generally, IRT Y does not need to be configured, because doing so would cause MAC addresses to be advertised in EVPN instances of different BDs.
  • The ERT/IRT Y value of a VPN instance cannot be the same as the ERT/IRT A or ERT/IRT B value of an EVPN instance. It is recommended that the VPN and EVPN instances use different RT ranges for differentiation.
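
The RT guidelines above can be checked mechanically against a saved configuration. The following Python code is an added example, not part of the original guide or of any Huawei tool: it parses the `vpn-target` lines of a configuration script and reports BD EVPN instances that lack ERT Y or that import RT Y. The function names `parse_rts` and `lint_rts` are hypothetical, and the check assumes every BD in the file is paired with the VPN instances in the same file.

```python
import re

# Sample input: the RT-related lines of the Device2 script on this page (other lines omitted).
DEVICE2 = """\
ip vpn-instance vpn1
 ipv4-family
  vpn-target 100:5010 export-extcommunity evpn
  vpn-target 100:5010 import-extcommunity evpn
#
bridge-domain 10
 evpn
  vpn-target 100:10 export-extcommunity
  vpn-target 100:5010 export-extcommunity
  vpn-target 100:10 import-extcommunity
#
"""
# Constructed misconfiguration: the BD EVPN instance imports RT Y (100:5010).
BAD = DEVICE2.replace("100:10 import-extcommunity", "100:5010 import-extcommunity")

RT = re.compile(r"^vpn-target (\S+)(?: (export|import)-extcommunity)?( evpn)?$")

def parse_rts(config):
    """Map each top-level stanza to its export/import RT sets."""
    out, stanza = {}, None
    for raw in config.splitlines():
        if raw and raw[0] not in " #":
            stanza = raw.strip()                      # e.g. "bridge-domain 10"
        m = RT.match(raw.strip())
        if not (m and stanza):
            continue
        if stanza.startswith("ip vpn-instance") and not m.group(3):
            continue                                  # common L3VPN RT, no evpn keyword
        # No direction keyword (as typed in step 6) means both export and import.
        for d in [m.group(2)] if m.group(2) else ["export", "import"]:
            out.setdefault(stanza, {"export": set(), "import": set()})[d].add(m.group(1))
    return out

def lint_rts(config):
    """Check every BD EVPN instance against the VPN instances' evpn RTs (RT Y)."""
    rts = parse_rts(config)
    y = set().union(*(v["export"] | v["import"] for k, v in rts.items()
                      if k.startswith("ip vpn-instance")))
    findings = []
    for name, bd in rts.items():
        if not name.startswith("bridge-domain"):
            continue
        if not bd["export"] & y:
            findings.append((name, "no ERT Y: routes cannot leak into the VPN instance"))
        if bd["import"] & y:
            findings.append((name, "IRT Y present: MAC routes cross into other BDs"))
    return findings
```

Running `lint_rts` on the Device2 lines returns no findings, while the constructed `BAD` variant is flagged for importing RT Y.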

Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure EBGP to run between Device1, Device2, and Device3.
  2. Configure service access points on Device2 and Device3 to differentiate service traffic.
  3. Enable EVPN to function as the VXLAN control plane protocol.
  4. Configure Device2 and Device3 to establish IBGP EVPN peer relationships with Device1.
  5. Configure Device1 to establish BGP EVPN peer relationships with Device2 and Device3. Then, configure Device1 as the RR.
  6. Configure VPN and EVPN instances on Device2 and Device3.
  7. Enable ingress replication on Device2 and Device3.
  8. Configure Layer 3 VXLAN gateways on Device2 and Device3.
  9. Configure BGP to advertise IRB routes between Device1 and Device2 and between Device1 and Device3.

Procedure

  1. Configure EBGP.

    # Configure Device1. The configurations of Device2 and Device3 are similar to the configuration of Device1.

    <HUAWEI> system-view
    [HUAWEI] sysname Device1
    [Device1] interface loopback 0
    [Device1-LoopBack0] ip address 1.1.1.1 32
    [Device1-LoopBack0] quit
    [Device1] interface 10ge 1/0/1
    [Device1-10GE1/0/1] undo portswitch
    [Device1-10GE1/0/1] ip address 192.168.3.2 24
    [Device1-10GE1/0/1] quit
    [Device1] interface 10ge 1/0/2
    [Device1-10GE1/0/2] undo portswitch
    [Device1-10GE1/0/2] ip address 192.168.2.2 24
    [Device1-10GE1/0/2] quit
    [Device1] bgp 100
    [Device1-bgp] peer 192.168.2.1 as-number 200
    [Device1-bgp] peer 192.168.3.1 as-number 300
    [Device1-bgp] network 1.1.1.1 32
    [Device1-bgp] quit

  2. Configure a service access point on Device2 and Device3.

    # Configure Device2. The configuration of Device3 is similar to the configuration of Device2.

    [Device2] bridge-domain 10
    [Device2-bd10] quit
    [Device2] interface 10ge 1/0/2.1 mode l2
    [Device2-10GE1/0/2.1] encapsulation dot1q vid 10
    [Device2-10GE1/0/2.1] bridge-domain 10
    [Device2-10GE1/0/2.1] quit

  3. Enable EVPN to function as the VXLAN control plane protocol.

    # Configure Device1. The configurations of Device2 and Device3 are similar to the configuration of Device1.

    [Device1] evpn-overlay enable

  4. Configure Device1 to establish BGP EVPN peer relationships with Device2 and Device3. Then configure Device1 as the RR and Device2 and Device3 as the RR clients.

    # Configure BGP EVPN peer relationships on Device1.

    [Device1] bgp 100 instance evpn1
    [Device1-bgp-instance-evpn1] peer 2.2.2.2 as-number 100
    [Device1-bgp-instance-evpn1] peer 2.2.2.2 connect-interface LoopBack0
    [Device1-bgp-instance-evpn1] peer 3.3.3.3 as-number 100
    [Device1-bgp-instance-evpn1] peer 3.3.3.3 connect-interface LoopBack0
    [Device1-bgp-instance-evpn1] l2vpn-family evpn
    [Device1-bgp-instance-evpn1-af-evpn] peer 2.2.2.2 enable
    Warning: This operation will reset the peer session. Continue? [Y/N]: y
    [Device1-bgp-instance-evpn1-af-evpn] peer 2.2.2.2 reflect-client
    [Device1-bgp-instance-evpn1-af-evpn] peer 3.3.3.3 enable
    Warning: This operation will reset the peer session. Continue? [Y/N]: y
    [Device1-bgp-instance-evpn1-af-evpn] peer 3.3.3.3 reflect-client
    [Device1-bgp-instance-evpn1-af-evpn] undo policy vpn-target
    [Device1-bgp-instance-evpn1-af-evpn] quit
    [Device1-bgp-instance-evpn1] quit

  5. Configure Device2 and Device3 to establish IBGP EVPN peer relationships with Device1.

    # Configure a BGP EVPN peer relationship on Device2. The configuration of Device3 is similar to the configuration of Device2.

    [Device2] bgp 100 instance evpn1
    [Device2-bgp-instance-evpn1] peer 1.1.1.1 as-number 100
    [Device2-bgp-instance-evpn1] peer 1.1.1.1 connect-interface LoopBack0
    [Device2-bgp-instance-evpn1] l2vpn-family evpn
    [Device2-bgp-instance-evpn1-af-evpn] peer 1.1.1.1 enable
    Warning: This operation will reset the peer session. Continue? [Y/N]: y
    [Device2-bgp-instance-evpn1-af-evpn] quit
    [Device2-bgp-instance-evpn1] quit

  6. Configure VPN and EVPN instances on Device2 and Device3.

    # Configure Device2. The configuration of Device3 is similar to the configuration of Device2.

    [Device2] ip vpn-instance vpn1
    [Device2-vpn-instance-vpn1] vxlan vni 5010
    [Device2-vpn-instance-vpn1] ipv4-family
    [Device2-vpn-instance-vpn1-af-ipv4] route-distinguisher 20:2
    [Device2-vpn-instance-vpn1-af-ipv4] vpn-target 100:5010 evpn
    [Device2-vpn-instance-vpn1-af-ipv4] quit
    [Device2-vpn-instance-vpn1] quit
    [Device2] bridge-domain 10
    [Device2-bd10] vxlan vni 10
    [Device2-bd10] evpn
    [Device2-bd10-evpn] route-distinguisher 10:2
    [Device2-bd10-evpn] vpn-target 100:10
    [Device2-bd10-evpn] vpn-target 100:5010 export-extcommunity
    [Device2-bd10-evpn] quit
    [Device2-bd10] quit

  7. Enable ingress replication on Device2 and Device3.

    # Configure Device2. The configuration of Device3 is similar to the configuration of Device2.

    [Device2] interface nve 1
    [Device2-Nve1] source 2.2.2.2
    [Device2-Nve1] vni 10 head-end peer-list protocol bgp
    [Device2-Nve1] quit

  8. Configure Layer 3 VXLAN gateways on Device2 and Device3.

    # Configure a Layer 3 VXLAN gateway on Device2. The configuration of Device3 is similar to the configuration of Device2. Note that the IP addresses of VBDIF interfaces on Device2 and Device3 must belong to different network segments.

    [Device2] interface vbdif10
    [Device2-Vbdif10] ip binding vpn-instance vpn1
    [Device2-Vbdif10] ip address 10.1.1.1 255.255.255.0
    [Device2-Vbdif10] vxlan anycast-gateway enable
    [Device2-Vbdif10] arp collect host enable
    [Device2-Vbdif10] quit

  9. Configure BGP to advertise IRB routes between Device1 and Device2 and between Device1 and Device3.

    # Configure Device1. The configurations of Device2 and Device3 are similar to the configuration of Device1.

    [Device1] bgp 100 instance evpn1
    [Device1-bgp-instance-evpn1] l2vpn-family evpn
    [Device1-bgp-instance-evpn1-af-evpn] peer 2.2.2.2 advertise irb
    [Device1-bgp-instance-evpn1-af-evpn] peer 3.3.3.3 advertise irb
    [Device1-bgp-instance-evpn1-af-evpn] quit
    [Device1-bgp-instance-evpn1] quit

Verifying the Configuration

After completing the configurations, run the display vxlan tunnel command on Device2 and Device3 to check VXLAN tunnel information. The following example uses the command output on Device2.

[Device2] display vxlan tunnel
Number of vxlan tunnel : 1
Tunnel ID   Source                Destination           State  Type          Uptime
-----------------------------------------------------------------------------------
4026531841  2.2.2.2               3.3.3.3               up     dynamic       03:12:45

VM1s on different servers can communicate.

The tunnel goes up only after a Layer 2 sub-interface on Device2 or Device3 connects to a server. When there is no access server, the VXLAN tunnel state is not displayed because no IRB route is advertised.

Configuration Scripts

  • Device1

    #
    sysname Device1
    #
    evpn-overlay enable
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.3.2 255.255.255.0
    #
    interface 10GE1/0/2
     undo portswitch
     ip address 192.168.2.2 255.255.255.0
    #
    interface LoopBack0
     ip address 1.1.1.1 255.255.255.255
    #
    bgp 100
     private-4-byte-as enable
     peer 192.168.2.1 as-number 200
     peer 192.168.3.1 as-number 300
     #
     ipv4-family unicast
      network 1.1.1.1 255.255.255.255
      peer 192.168.2.1 enable
      peer 192.168.3.1 enable
    #
    bgp 100 instance evpn1
     private-4-byte-as enable
     peer 2.2.2.2 as-number 100
     peer 2.2.2.2 connect-interface LoopBack0
     peer 3.3.3.3 as-number 100
     peer 3.3.3.3 connect-interface LoopBack0
     #
     l2vpn-family evpn
      undo policy vpn-target
      peer 2.2.2.2 enable
      peer 2.2.2.2 advertise irb
      peer 2.2.2.2 reflect-client
      peer 3.3.3.3 enable
      peer 3.3.3.3 advertise irb
      peer 3.3.3.3 reflect-client
    #
    return

  • Device2

    #
    sysname Device2
    #
    evpn-overlay enable
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 20:2
      vpn-target 100:5010 export-extcommunity evpn
      vpn-target 100:5010 import-extcommunity evpn
     vxlan vni 5010
    #
    bridge-domain 10
     vxlan vni 10
     #
     evpn
      route-distinguisher 10:2
      vpn-target 100:10 export-extcommunity
      vpn-target 100:5010 export-extcommunity
      vpn-target 100:10 import-extcommunity
    #
    interface Vbdif10
     ip binding vpn-instance vpn1
     ip address 10.1.1.1 255.255.255.0
     vxlan anycast-gateway enable
     arp collect host enable
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.2.1 255.255.255.0
    #
    interface 10GE1/0/2.1 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
    #
    interface LoopBack0
     ip address 2.2.2.2 255.255.255.255
    #
    interface Nve1
     source 2.2.2.2
     vni 10 head-end peer-list protocol bgp
    #
    bgp 200
     private-4-byte-as enable
     peer 192.168.2.2 as-number 100
     #
     ipv4-family unicast
      network 2.2.2.2 255.255.255.255
      peer 192.168.2.2 enable
    #
    bgp 100 instance evpn1
     private-4-byte-as enable
     peer 1.1.1.1 as-number 100
     peer 1.1.1.1 connect-interface LoopBack0
     #
     l2vpn-family evpn
      policy vpn-target
      peer 1.1.1.1 enable
      peer 1.1.1.1 advertise irb
    #
    return

  • Device3

    #
    sysname Device3
    #
    evpn-overlay enable
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 20:3
      vpn-target 100:5010 export-extcommunity evpn
      vpn-target 100:5010 import-extcommunity evpn
     vxlan vni 5010
    #
    bridge-domain 20
     vxlan vni 20
     #
     evpn
      route-distinguisher 10:3
      vpn-target 100:20 export-extcommunity
      vpn-target 100:5010 export-extcommunity
      vpn-target 100:20 import-extcommunity
    #
    interface Vbdif20
     ip binding vpn-instance vpn1
     ip address 10.20.1.1 255.255.255.0
     vxlan anycast-gateway enable
     arp collect host enable
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.3.1 255.255.255.0
    #
    interface 10GE1/0/2.1 mode l2
     encapsulation dot1q vid 20
     bridge-domain 20
    #
    interface LoopBack0
     ip address 3.3.3.3 255.255.255.255
    #
    interface Nve1
     source 3.3.3.3
     vni 20 head-end peer-list protocol bgp
    #
    bgp 300
     private-4-byte-as enable
     peer 192.168.3.2 as-number 100
     #
     ipv4-family unicast
      network 3.3.3.3 255.255.255.255
      peer 192.168.3.2 enable
    #
    bgp 100 instance evpn1
     private-4-byte-as enable
     peer 1.1.1.1 as-number 100
     peer 1.1.1.1 connect-interface LoopBack0
     #
     l2vpn-family evpn
      policy vpn-target
      peer 1.1.1.1 enable
      peer 1.1.1.1 advertise irb
    #
    return